feat: update

Paul-B98 · Paul-B98 · commit e344965f4e93 · 2026-06-12T18:49:40.000Z
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,6 +1,4 @@
-FROM python:3.14
+FROM python:3.14.6-trixie
+COPY --from=ghcr.io/astral-sh/uv:0.11.21 /uv /uvx /bin/
 
 ENV PYTHONUNBUFFERED 1
-
-# Install Python Deps
-RUN pip install --upgrade pip pre-commit uv
diff --git a/.devcontainer/requirements.txt b/.devcontainer/requirements.txt
@@ -0,0 +1 @@
+pre-commit==4.6.0
diff --git a/.devcontainer/scripts/initialize.sh b/.devcontainer/scripts/initialize.sh
@@ -1 +1,3 @@
-docker pull python:3.14
+cd .devcontainer
+docker compose pull
+cd -
diff --git a/.devcontainer/scripts/post-create.sh b/.devcontainer/scripts/post-create.sh
@@ -3,4 +3,7 @@ echo "source /usr/share/bash-completion/completions/git" >> ~/.bashrc
 echo 'export GPG_TTY="$( tty )"' >> ~/.bashrc
 
 # install deps
+pip install --upgrade pip
+pip install -r .devcontainer/requirements.txt  # global deps
+
 pre-commit install
diff --git a/.github/workflows/continuous_delivery.yaml b/.github/workflows/continuous_delivery.yaml
@@ -12,7 +12,7 @@ env:
 
 jobs:
   build:
-    environment: cd-env
+    environment: release
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -24,18 +24,14 @@ jobs:
       id-token: write
 
     steps:
-    - uses: actions/checkout@v6
-
-    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v6
+    - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+    - name: Install uv
+      uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
       with:
         python-version: ${{ matrix.python-version }}
 
     - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install uv
-        uv sync
+      run: uv sync --all-groups
 
     - name: Build and publish Package
       env:
@@ -48,15 +44,15 @@ jobs:
 
     # Build and push Docker image
     - name: Log in to the Container registry
-      uses: docker/login-action@v5
+      uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
       with:
         registry: ${{ env.REGISTRY }}
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Docker metadata
       id: meta
-      uses: docker/metadata-action@v6
+      uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
       with:
         images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
         tags: |
@@ -65,15 +61,15 @@ jobs:
 
     - name: Build and push Docker image
       id: push
-      uses: docker/build-push-action@v7
+      uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
       with:
         context: .
         push: true
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
 
     - name: Generate artifact attestation
-      uses: actions/attest-build-provenance@v4
+      uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
       with:
         subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
         subject-digest: ${{ steps.push.outputs.digest }}
diff --git a/.github/workflows/continuous_integration.yml b/.github/workflows/continuous_integration.yml
@@ -2,41 +2,46 @@
 # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
 
 name: Continuous Integration (Python)
-on: push
+on:
+  push:
+    branches:
+      - main
+
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches:
+      - main
 
 jobs:
   build:
-    # environment: project_name
     runs-on: ubuntu-latest
     strategy:
       matrix:
         python-version: ["3.14"]  # Add more Python versions to test here
 
     steps:
-    - uses: actions/checkout@v6
-
-    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v6
-      with:
-        python-version: ${{ matrix.python-version }}
-
+    - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
     - name: Install uv
-      uses: astral-sh/setup-uv@v7
+      uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
       with:
         python-version: ${{ matrix.python-version }}
 
     - name: Install dependencies
-      run: |
-        uv sync --all-groups --all-extras
+      run: uv sync --all-groups
 
     - name: Lint with ruff
       run: uv run ruff check . --output-format=github
+
     - name: Check types with ty
       run: uv run ty check . --output-format=github
+
     - name: Test with pytest
-      run: uv run pytest .
+      run: uv run pytest
 
-    # - name: Coveralls
-    #   env:
-    #     github-token: ${{ secrets.GITHUB_TOKEN }}
-    #   uses: coverallsapp/github-action@v2.3.7
+    - name: Upload coverage report
+      if: always() && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
+      uses: actions/upload-code-coverage@abb5995db9e0199b0e2bb9dbd136fce4cb1ec4d3 # v1.3.0
+      with:
+        file: coverage.xml
+        language: Python
+        label: code-coverage/pytest
diff --git a/CLAUDE.md b/CLAUDE.md
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 # Build stage
-FROM python:3.14-slim-bookworm AS builder
-COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
+FROM python:3.14.6-slim-trixie AS builder
+COPY --from=ghcr.io/astral-sh/uv:0.11.21 /uv /uvx /bin/
 
 WORKDIR /app
 
@@ -10,7 +10,7 @@ RUN --mount=type=cache,target=/root/.cache/uv \
     uv sync --locked --no-editable --no-default-groups
 
 
-FROM python:3.14-slim-bookworm AS final
+FROM python:3.14.6-slim-trixie AS final
 
 RUN useradd --user-group --system --create-home --no-log-init app \
     && mkdir -p /app \
